What OEMs and the NHTSA Need to Know About Secure V2V Technology

In the near future, a self-driving car does the driverless equivalent of slamming on its brakes. It’s been told that there was an accident directly ahead, and so takes the safe course. The cars behind it get different information, and some keep driving while others brake randomly. There was no accident. This whole scenario was caused by false information by a malicious hacker. That’s exactly the scenario facing the automotive industry as they work to implement vehicle-to-vehicle (V2V) communication. The challenge is to find a way to let smart cars talk to each other while maintaining security.

V2V is an integral part of the autonomous driving experience. That’s why the federal government and other regulatory boards are working on making an industry standard for secure communications. In doing so, they have to understand fully the limitation of traditional Directed Short Range Communications, and work with the auto industry to enact standards that meet every security requirement.

The NHTSA and V2V

The National Highway Traffic Safety Administration has been studying V2V communications for several years. In 2014, they issued an advance notice of proposed rulemaking about implementing mandatory V2V communication systems in “new light vehicles,” giving the public a chance to comment and make suggestions. This comment time was specifically directed at automakers and technology companies who would have the most insightful input.

As Transportation Secretary Anthony Foxx said at the time, highlighting the importance of V2V, “Safety is our top priority, and V2V technology represents the next great advance in saving lives. This technology could move us from helping people survive crashes to helping them avoid crashes altogether – saving lives, saving money and even saving fuel thanks to the widespread benefits it offers.”

The public comment session was extremely productive, soliciting advice and input from advocacy groups, state and local governmental bodies, non-profits, manufacturers, industry organizations (including business and labor groups), and concerned independent citizens. While very few were opposed to the idea as a whole, there were issues brought up regarding the way V2V would be implemented, and the potential drawbacks of a slipshod implementation. The main topics of concern, reflecting industry-wide interest, were:

Security

Privacy

Liability

After the public comment period ended, the NHTSA was spurred into action by the Obama Administration, which called for the proposed rulemaking by the end of 2015– over a year ahead of schedule. The urgency of public safety was too great to delay the report, the administration argued. In January of 2016, the NHTSA released to the Office of Management and Budget the Federal Motor Vehicle Safety Standard (FMVSS) 150 – Vehicle to Vehicle (V2V) Communication proposed rule. As of now, there is little public information as to what it says. But what is known is that the vetting, reworking, and ultimate approval of the rules will be a long process.

In other words, it isn’t happening soon. And one of the reasons it isn’t is because of legitimate concerns with how to safely and securely implement widespread V2V communications.

V2V and the Danger of False Messages

“False messages” are among the most dangerous issues with faulty or insecure V2V communications. False messages are where a non-vehicle hacks into a system and poses as another vehicle, presenting misleading information. This is actually considered by many to be fairly simple, though with wide-reaching and dangerous consequences.

If a hacker were to use a “fake car” to break into a system, they could trigger a variety of problems. The transmission of illegitimate information is the most likely use of false messages. In a positive V2V scenario, one car who “sees” an accident up ahead will quickly communicate with all the cars trailing behind that they need to brake or slow down, or that they need to move over. This can only work if information is accurate and can be transmitted correctly. Throwing fake information into this scenario can cause cars to veer off or start acting discordantly. This poses a serious danger to both drivers and the vehicular infrastructure. There are a few reasons for people to do this, mostly for personal convenience. If a private car were to imitate an emergency vehicle, they could clear the road in order to go faster, or otherwise manipulate traffic in their favor. Causing disruptions in traffic can also be used for criminal purposes.

A less likely, but arguably scarier use of false messages is vehicle targeting. This is where cybercrime can blend into physical crime. By sneaking into the system, criminals can ascertain where cars are on the road. They can pinpoint larger and more expensive cars for breaking into, or even follow to see where the driver lives. It’s just another piece of information for the criminally-inclined.

The Right Technology Makes V2V Possible

We know that V2V is the linchpin to any widespread autonomous driving platform. Cars have to be able to communicate with each other to ensure safety. It’s the next great leap forward in automotive development. This makes security for V2V one of the biggest issues facing the automotive industry today.

That doesn’t just mean establishing a good system: it means being able to continuously update, monitor, and improve any security system. Hackers are constantly evolving and generating new ways to target weak points in any computer’s security. A car that is safe today might be vulnerable tomorrow. If automakers don’t have a way to update security and send patches to all affected modules, the entire system is threatened. Any car unable to securely and safely receive updates becomes the weak point.

A secure OTA platform that can react in real time to cybersecurity threats and develop instant systems to stop them is required in order for V2V to work. We need to develop a powerful security system to begin with, and need to be able to update it whenever the need arises.

As the auto industry is changed by technological and economic currents, OEMs and Tier-1 manufacturers will need to partner with technological specialists to thrive in the era of the software defined car. Movimento’s expertise is rooted in our background as an automotive company. This has allowed us to create the technological platform that underpins the future of the software driven and self-driven car. Connect with us today to learn more about how we can work together.